Tobias,
If you're determined to put an nss interface onto the ptserver, you might start by looking at http://tarna.oit.unc.edu/~utoddl/ and grabbing nss_pts_0.2.tgz. It only implements getpwuid(), but you could add other relevant getXXX() functions if you want them. It works on Linux and Solaris. Don't know about other platforms.
You might also want to consider another approach. While you're there, grab propup.tar.gz. Propup is a pam module that you can put first in your pam stack. It always returns true, but has the side effect of checking to see if the user who's trying to log in is already in the /etc/passwd file. If not, it checks for the existence of that user in a file in AFS. (We keep a file that looks very like an /etc/passwd file in our cell that has everybody in it. That file is called [...]/prop/users, hence the name of the module. Obviously you could change it to look directly at, say, ptserver, maybe using code from nss_pts_0.2, if you didn't want to maintain such a file.) If the user is there but not in /etc/passwd, it adds their info to the local /etc/passwd file, then runs pwconv. In any case, it returns true to the pam stack. This way your users get automatically added to your system as they try to log in the first time.
These are both quick and dirty hacks, but they work well for me. By all means, feel free to enhance and/or repair them to your heart's content.
Happy computing, -- [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Hi *,
Does anyone know of an nss-module for AFS or something like that?
I've a couple of AFS-machines in one cell and want to be able to log on to the system using the AFS-accounts. This works fine with the pam_afs module as long as the afs-user exists in my local /etc/passwd.
What I'm searching for is something with the functionality of an nss-module, that creates (maybe on a template-basis) the missing information for the login-process on the fly.
Example: What AFS can deliver (through pam_afs): Username:Password
What is missing (in comparison to the /etc/passwd): uid:gid:gecos:home_dir:shell
The missing information may either be exported from afs by asking the ptserver (e.g. the uid) or by generating them. The home-dir can be generated from a configurable prefix (e.g. /afs/CELLNAME/home/) and the afs-username. The gecos is not really important. And the shell can also be set by a template (e.g. /bin/sh).
The reason is that I want to be able to add a user to the afs on one host and then log on at any of the hosts without syncing anything and without an additional user-list like LDAP.
So far I haven't found anything like this. So, in case you don't know of such a thing either, I'm playing with the idea of writing an nss_afs-module. Would any of you be able to help me with it (reviewing code and so on...)?
Greets Tobias
_______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
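
Added example, not code from propup or nss_pts: the pam module described above copies a record from a shared AFS file into the local /etc/passwd, so a check like this one could run on the record before it is appended. The function name, the id limits, the /afs/ home prefix and the shell allow-list are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MIN_UID 1000L        /* assumption: local policy; lower ids are system accounts */
#define MAX_ID  0x7ffffffeL  /* assumption: upper bound, also catches strtol() overflow */
#define HOME_PREFIX "/afs/"  /* assumption: homes live under /afs/, as in the question */

/* Hypothetical helper, not part of propup: returns 1 if `line` (one record
 * from the AFS-hosted users file, newline already stripped) is acceptable to
 * append to the local /etc/passwd for the user `login`, else 0. */
int entry_is_safe(const char *login, const char *line)
{
    static const char *shells[] = { "/bin/sh", "/bin/bash", NULL }; /* allow-list */
    char buf[512], *f[7], *p;
    int n = 0, i, shell_ok = 0;
    long uid, gid;

    if (strlen(line) >= sizeof buf) return 0;
    strcpy(buf, line);

    /* A control character (e.g. an embedded newline) could smuggle in a
     * second record, so reject the whole line. */
    for (p = buf; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f) return 0;

    /* Split on ':' by hand; strtok() would silently merge empty fields. */
    f[n++] = buf;
    for (p = buf; *p; p++) {
        if (*p != ':') continue;
        if (n == 7) return 0;            /* more than seven fields */
        *p = '\0';
        f[n++] = p + 1;
    }
    if (n != 7) return 0;

    if (*login == '\0' || strcmp(f[0], login) != 0) return 0; /* wrong user */
    if (*f[1] == '\0') return 0;         /* empty password field */

    /* Digits only: strtol() alone would accept leading spaces and signs. */
    if (!*f[2] || f[2][strspn(f[2], "0123456789")]) return 0;
    if (!*f[3] || f[3][strspn(f[3], "0123456789")]) return 0;
    uid = strtol(f[2], NULL, 10);
    gid = strtol(f[3], NULL, 10);
    if (uid < MIN_UID || uid > MAX_ID || gid <= 0 || gid > MAX_ID) return 0;

    if (strncmp(f[5], HOME_PREFIX, strlen(HOME_PREFIX)) != 0) return 0;
    if (strstr(f[5], "..") != NULL) return 0;   /* no path traversal */

    for (i = 0; shells[i] != NULL; i++)
        if (strcmp(f[6], shells[i]) == 0) shell_ok = 1;
    return shell_ok;
}
```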
